dealvault.exe

Deal Vault

Excellent Apps

This is the installer for a 50onRed advertising-supported software package, which displays ads in the browser and may hijack the browser's home and search pages. The application dealvault.exe, “Deal Vault Installer” by Excellent Apps, has been detected as adware by 17 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer and is built on the Crossrider cross-browser extension platform. Although the file uses the Crossrider framework and delivery services, it is not owned by Crossrider.

Publisher:
215 Apps  (signed by Excellent Apps)

Product:
Deal Vault

Description:
Deal Vault Installer

Version:
1.26.152.152

MD5:
8717a4aaaaf391bd5877058d40b430e2

SHA-1:
9fd91e0d62119d3d4559b5b0e67e9d1b701bf8d4

SHA-256:
2a708c42a5dd5f3d53e127c23c34a33da7c2a5e0e5440a818fecf671d8dfd045

Scanner detections:
17 / 68

Status:
Adware

Explanation:
Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:
4/25/2024 3:04:17 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Riskware.ScrambleWrapper | 7.1.1 |
| avast! | Win32:Crossrider-C [PUP] | 2014.9-160127 |
| Baidu Antivirus | Adware.Win32.CrossAd | 4.0.3.16127 |
| Bkav FE | HW32.Packed | 1.3.0.6267 |
| Dr.Web | Adware.Plugin.22 | 9.0.1.027 |
| ESET NOD32 | Win32/Packed.ScrambleWrapper.A potentially unwanted application | 10.7.0.302.0 |
| F-Prot | W32/Zbot.QO.gen | v6.4.7.1.166 |
| IKARUS anti.virus | Win32.SuspectCrc | t3scan.2.0.0.0 |
| K7 AntiVirus | Trojan | 13.186.14174 |
| Malwarebytes | PUP.Optional.DealVault.A | v2016.01.27.01 |
| McAfee | Artemis!BACB260F5FC2 | 5600.6508 |
| NANO AntiVirus | Trojan.Win32.Plugin.csnygh | 0.28.6.63726 |
| Qihoo 360 Security | HEUR/Malware.QVM06.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.50OnRed.ExcellentApps.Installer (M) | 16.1.27.1 |
| Sophos | AppRider | 4.98 |
| Trend Micro House Call | TROJ_GEN.RCBH1A8 | 7.2.27 |
| VIPRE Antivirus | GamePlayLabs | 35278 |

File size:
3 MB (3,188,312 bytes)

Copyright:
Copyright 215 Apps

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\adobe-flash-player_085\software\dealvault.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
8/28/2012 7:00:00 PM

Valid to:
8/29/2013 6:59:59 PM

Subject:
CN=Excellent Apps, O=Excellent Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6D2FB6375D3A8788B735FEDBD060732B

File PE Metadata
Compilation timestamp:
1/5/2010 6:09:32 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
98304:a+SKF+w1Hdq3d7qIC0HQ+j/0ZMy0opLJoauj8j:aMQw19upHfj8/0kJoag8j

Entry address:
0x4044

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, E8, 97, 52, 00, 00, C7, 04, 24, 01, 80, 00, 00, E8, 43, 4F, 00, 00, 56, C7, 04, 24, 00, 00, 00, 00, E8, A6, 52, 00, 00, A3, 88, 5C, 42, 00, 53, C7, 04, 24, 08, 00, 00, 00, E8, 26, 32, 00, 00, A3, 38, 5D, 42, 00, 8D, 85, 84, FE, FF, FF, 51, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, A4, B2, 40, 00, E8, D0, 51, 00, 00, 83, EC, 14, C7, 44, 24, 04, A5, B2, 40, 00, C7, 04, 24, 68, 5D...
 

Entropy:
7.9927  (probably packed)

Code size:
33 KB (33,792 bytes)
